<?php
/*
 * @Author: your name
 * @Date: 2020-12-07 10:25:37
 * @LastEditTime: 2020-12-09 11:28:05
 * @LastEditors: Please set LastEditors
 * @Description: In User Settings Edit
 * @FilePath: /v3/application/common/wipf/RuleService.php
 */
namespace app\common\wipf;

use think\Db;

class WipfRuleService
{
    //防火墙默认处理方式
    public $default_process = '';
    //主机id
    protected $host_id = 0 ;

    function __construct($host_id, $default_process)
    {
        $this->host_id = $host_id;
        $this->default_process = $default_process;
    }
    /**
     * @name: 查询主机 标准规则和ips规则
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2020-12-07 10:26:40
     */
    public function allRule ($config_data)
    {
        //查询官方策略组规则
        $sys_rule = $this->normalRule();
        //查询用户自定义规则
        $user_rule = $this->ipsRule();
        //黑名单规则
        $black_rule = $this->blackRule($config_data['black']);
        //CSRF防御规则
        $csrf_rule = $this->csrfRule($config_data['csrf']);

        $return = array_merge($user_rule, $sys_rule, $black_rule, $csrf_rule);

        return $return;
    }

    /**
     * @name: 黑名单规则
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2020-12-07 10:30:00
     */
    public function blackRule ($black)
    {
        /**
        *  黑名单规则 如果开启黑名单就加入一条规则 未开启就不加入
        *  [
        *     'sid' => 500000100,
        *     'description' => '攻击IP临时黑名单',
        *     'rule' => 'Kcv+7QmE2Wt8XuvISPfm4hHy4H61s743SWOAEQkO+cGYvenerF7FQODjCXWoLmTPiDAGk48PC3678g69B2hMyvqGJtcO5wX2QR/16dXtx8vm45YL8z8P2fogdltu2gu8YJCfyQao1ZUHecr9kI5Iw1e4mRjWTzO4HTf/nX8P4koCtdwtaeNylOM4adL7UX+VNANOBnZS2wGT3tcm'
        *  ]
        */
        $return = [];
        if ($black)
        {
            $return = [
                [
                    'rule' => 'Kcv+7QmE2Wt8XuvISPfm4hHy4H61s743SWOAEQkO+cGYvenerF7FQODjCXWoLmTPiDAGk48PC3678g69B2hMyvqGJtcO5wX2QR/16dXtx8vm45YL8z8P2fogdltu2gu8YJCfyQao1ZUHecr9kI5Iw1e4mRjWTzO4HTf/nX8P4koCtdwtaeNylOM4adL7UX+VNANOBnZS2wGT3tcm',
                    'mode' => $this->default_process . '_sys'
                ]
            ];
        }

        return $return;
    }

    /**
     * @name: CSRF 规则
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2020-12-07 10:42:58
     */
    public function csrfRule ($csrf)
    {
        /**
        *  CSRF 规则 如果开启CSRF防御功能就加入一条规则 未开启就不加入
        *  [
        *     'sid' => 500000101,
        *     'description' => 'CSRF防御规则',
        *     'rule' => 'Kdfp6VnF1nwlH+TfEfr1/BWe/H6xvLIhXmeTBgh9uM6P5OGbskqYWCQ04cJpfZo3iyMrkpoACmqd8S+yBllzAUEGpi/adbgoEFC07dXrw5nm9M4e/gwVz+AzdwUhlT2/WoCFwxf4z81fPIGCkJFb1h/sgwfdASOlDH/w2i0ZrkADvdtlPelrleN6PIDmGTzXKVIBUmVUxgCClpdC7//efm+Tcjb/Ebuqp7hNzHMBHr0='
        *  ]
        */
        $return = [];
        if ($csrf)
        {
            $return = [
                [
                    'rule' => 'Kdfp6VnF1nwlH+TfEfr1/BWe/H6xvLIhXmeTBgh9uM6P5OGbskqYWCQ04cJpfZo3iyMrkpoACmqd8S+yBllzAUEGpi/adbgoEFC07dXrw5nm9M4e/gwVz+AzdwUhlT2/WoCFwxf4z81fPIGCkJFb1h/sgwfdASOlDH/w2i0ZrkADvdtlPelrleN6PIDmGTzXKVIBUmVUxgCClpdC7//efm+Tcjb/Ebuqp7hNzHMBHr0=',
                    'mode' => $this->default_process . '_sys'
                ]
            ];
        }

        return $return;
    }

    /**
     * @name: 官方策略组规则
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2020-12-07 13:08:07
     */
    public function normalRule ()
    {
        $return = Db::name('ips_normal_rule')->alias('nr')
        ->field('nr.content as rule, hnrr.handle as mode')
        ->join('HostNormalRuleRelation hnrr', 'nr.id = hnrr.rule_id')
        ->where('hnrr.host_id', $this->host_id)->where('hnrr.status', 1)
        ->select();

        foreach ($return as $k => $sysRule){
            $return[$k]['rule'] = $sysRule['rule'];
            $return[$k]['mode'] = $sysRule['mode'] > 0 ? $sysRule['mode'] > 1 ? 'alert_sys' : 'pass_sys' : $this->default_process . '_sys';
        }

        return $return;
    }

    /**
     * @name: ips用户自定义规则
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2020-12-07 13:09:42
     */
    public function ipsRule ()
    {
        $return = Db::name('IpsRule')->field('execute_content rule, handle as mode')
            ->where('host_id', $this->host_id)->where('status', 1)->select();

        //0禁止(reject) 1允许(pass) 2警告(alert)
        foreach ($return as $key => $userRule){
            $return[$key]['rule'] = $userRule['rule'];
            $return[$key]['mode'] = $userRule['mode'] > 0 ? $userRule['mode'] > 1 ? 'alert_user' : 'pass_user' : $this->default_process . '_user';
        }

        return $return;
    }
}